Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian....@packages.debian.org
Usertags: pu

Hi,

The Fuzzing Project found two issues in the exfat-utils package and the security team asked me to fix them via a stable update.

Changelog:

exfat-utils (1.1.0-2+deb8u1) jessie; urgency=medium

  * Add quilt to build-deps.
  * Add --with quilt to dh invocation in d/rules.
  * Add d/patches/check-sector-and-cluster-size. Fix for
    https://github.com/relan/exfat/issues/5 found and reported by
    The Fuzzing Project.
  * Add d/patches/detect-infinite-loop. Fix for
    https://github.com/relan/exfat/issues/6 found and reported by
    The Fuzzing Project.

 -- Sven Hoexter <hoex...@debian.org>  Thu, 29 Oct 2015 09:40:20 +0100

-- System Information:
Debian Release: 8.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

diff -u exfat-utils-1.1.0/debian/changelog exfat-utils-1.1.0/debian/changelog --- exfat-utils-1.1.0/debian/changelog +++ exfat-utils-1.1.0/debian/changelog @@ -1,3 +1,16 @@ +exfat-utils (1.1.0-2+deb8u1) jessie; urgency=medium + + * Add quilt to build-deps. + * Add --with quilt to dh invocation in d/rules. + * Add d/patches/check-sector-and-cluster-size. Fix for + https://github.com/relan/exfat/issues/5 found and reported by + The Fuzzing Project. + * Add d/patches/detect-infinite-loop. Fix for + https://github.com/relan/exfat/issues/6 found and reported by + The Fuzzing Project. + + -- Sven Hoexter <hoex...@debian.org> Thu, 29 Oct 2015 09:40:20 +0100 + exfat-utils (1.1.0-2) unstable; urgency=low * Remove debian/watch - recent changes at Google code required diff -u exfat-utils-1.1.0/debian/control exfat-utils-1.1.0/debian/control --- exfat-utils-1.1.0/debian/control +++ exfat-utils-1.1.0/debian/control @@ -2,7 +2,7 @@ Section: otherosfs Priority: optional Maintainer: Sven Hoexter <hoex...@debian.org> -Build-Depends: debhelper (>= 9), scons +Build-Depends: debhelper (>= 9), scons, quilt Standards-Version: 3.9.5 Homepage: http://code.google.com/p/exfat/ Vcs-Git: git://git.sven.stormbind.net/git/sven/exfat-utils.git diff -u exfat-utils-1.1.0/debian/gbp.conf exfat-utils-1.1.0/debian/gbp.conf --- exfat-utils-1.1.0/debian/gbp.conf +++ exfat-utils-1.1.0/debian/gbp.conf @@ -2,0 +3 @@ +debian-branch = jessie-updates diff -u exfat-utils-1.1.0/debian/rules exfat-utils-1.1.0/debian/rules --- exfat-utils-1.1.0/debian/rules +++ exfat-utils-1.1.0/debian/rules @@ -6,7 +6,7 @@ export CCFLAGS = $(CFLAGS) -Wall -std=c99 -D_GNU_SOURCE %: - dh $@ + dh $@ --with quilt override_dh_auto_build: scons only in patch2: unchanged: --- exfat-utils-1.1.0.orig/debian/README.source +++ exfat-utils-1.1.0/debian/README.source 
@@ -0,0 +1,5 @@ +This package uses quilt to manage the patches in debian/patches. +For further information please install the quilt package and read +/usr/share/doc/quilt/README.source. + + -- sven <sven@shoexter.internal>, Thu, 29 Oct 2015 09:05:34 +0100 only in patch2: unchanged: --- exfat-utils-1.1.0.orig/debian/patches/check-sector-and-cluster-size +++ exfat-utils-1.1.0/debian/patches/check-sector-and-cluster-size 
@@ -0,0 +1,48 @@ +Patch for https://github.com/relan/exfat/issues/5 +See also: +https://blog.fuzzing-project.org/25-Heap-overflow-and-endless-loop-in-exfatfsck-exfat-utils.html +Index: exfat-utils/libexfat/mount.c +=================================================================== +--- exfat-utils.orig/libexfat/mount.c ++++ exfat-utils/libexfat/mount.c +@@ -208,6 +208,23 @@ int exfat_mount(struct exfat* ef, const + exfat_error("exFAT file system is not found"); + return -EIO; + } ++ /* sector cannot be smaller than 512 bytes */ ++ if (ef->sb->sector_bits < 9) ++ { ++ exfat_close(ef->dev); ++ exfat_error("too small sector size: 2^%hhd", ef->sb->sector_bits); ++ free(ef->sb); ++ return -EIO; ++ } ++ /* officially exFAT supports cluster size up to 32 MB */ ++ if ((int) ef->sb->sector_bits + (int) ef->sb->spc_bits > 25) ++ { ++ exfat_close(ef->dev); ++ exfat_error("too big cluster size: 2^(%hhd+%hhd)", ++ ef->sb->sector_bits, ef->sb->spc_bits); ++ free(ef->sb); ++ return -EIO; ++ } + ef->zero_cluster = malloc(CLUSTER_SIZE(*ef->sb)); + if (ef->zero_cluster == NULL) + { +@@ -242,16 +259,6 @@ int exfat_mount(struct exfat* ef, const + free(ef->sb); + return -EIO; + } +- /* officially exFAT supports cluster size up to 32 MB */ +- if ((int) ef->sb->sector_bits + (int) ef->sb->spc_bits > 25) +- { +- free(ef->zero_cluster); +- exfat_close(ef->dev); +- exfat_error("too big cluster size: 2^%d", +- (int) ef->sb->sector_bits + (int) ef->sb->spc_bits); +- free(ef->sb); +- return -EIO; +- } + if (le64_to_cpu(ef->sb->sector_count) * SECTOR_SIZE(*ef->sb) > + exfat_get_size(ef->dev)) + { only in patch2: unchanged: --- exfat-utils-1.1.0.orig/debian/patches/detect-infinite-loop +++ exfat-utils-1.1.0/debian/patches/detect-infinite-loop 
@@ -0,0 +1,52 @@ +Patch for https://github.com/relan/exfat/issues/6 +See also: +https://blog.fuzzing-project.org/25-Heap-overflow-and-endless-loop-in-exfatfsck-exfat-utils.html +Index: exfat-utils/libexfat/mount.c +=================================================================== +--- exfat-utils.orig/libexfat/mount.c ++++ exfat-utils/libexfat/mount.c +@@ -30,23 +30,32 @@ + + static uint64_t rootdir_size(const struct exfat* ef) + { +- uint64_t clusters = 0; ++ uint32_t clusters = 0; ++ uint32_t clusters_max = le32_to_cpu(ef->sb->cluster_count); + cluster_t rootdir_cluster = le32_to_cpu(ef->sb->rootdir_cluster); + +- while (!CLUSTER_INVALID(rootdir_cluster)) ++ /* Iterate all clusters of the root directory to calculate its size. ++ It can't be contiguous because there is no flag to indicate this. */ ++ do + { +- clusters++; +- /* root directory cannot be contiguous because there is no flag +- to indicate this */ ++ if (clusters == clusters_max) /* infinite loop detected */ ++ { ++ exfat_error("root directory cannot occupy all %d clusters", ++ clusters); ++ return 0; ++ } ++ if (CLUSTER_INVALID(rootdir_cluster)) ++ { ++ exfat_error("bad cluster %#x while reading root directory", ++ rootdir_cluster); ++ return 0; ++ } + rootdir_cluster = exfat_next_cluster(ef, ef->root, rootdir_cluster); ++ clusters++; + } +- if (rootdir_cluster != EXFAT_CLUSTER_END) +- { +- exfat_error("bad cluster %#x while reading root directory", +- rootdir_cluster); +- return 0; +- } +- return clusters * CLUSTER_SIZE(*ef->sb); ++ while (rootdir_cluster != EXFAT_CLUSTER_END); ++ ++ return (uint64_t) clusters * CLUSTER_SIZE(*ef->sb); + } + + static const char* get_option(const char* options, const char* option_name) only in patch2: unchanged: --- exfat-utils-1.1.0.orig/debian/patches/series +++ exfat-utils-1.1.0/debian/patches/series @@ -0,0 +1,2 @@ +check-sector-and-cluster-size +detect-infinite-loop
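
Review bot: The new debian/changelog entry does not mention two files this debdiff also touches, debian/gbp.conf (debian-branch = jessie-updates) and the new debian/README.source. For a stable update it helps the reviewer if every changed file is accounted for in the changelog, so add a line for each or drop the changes that are not needed for the fix.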
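
Review bot: The new debian/README.source is signed "sven <sven@shoexter.internal>", an internal host address that differs from the maintainer identity used in debian/changelog and debian/control. Suggest replacing the signature line with the maintainer name and address used elsewhere in the package, or removing it.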
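
Review bot: In debian/patches/check-sector-and-cluster-size, both exfat_error() calls added to exfat_mount() at -208,6 +208,23 format sector_bits and spc_bits with %hhd, which prints them as signed char. If these superblock fields are unsigned 8-bit values (their declaration is not shown in the diff), a corrupt image carrying 128 or more would be reported with a negative exponent; suggest %hhu, or keep the (int) casts with %d as the check removed at -242,16 did. Separately, sector_bits gets only a lower bound of its own here; its upper bound comes solely from the sum check, so a sector_bits of up to 25 with spc_bits 0 passes both tests. If that is intended, a comment saying so would help.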
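
Review bot: In debian/patches/detect-infinite-loop, the new exfat_error("root directory cannot occupy all %d clusters", clusters) in rootdir_size() passes a uint32_t to %d; use %u (or PRIu32) so a large count is not printed as a negative number. Also, the function still returns 0 for both the loop-detected and the bad-cluster case, so the fix relies on the caller treating a zero root directory size as a mount failure. That caller is not part of this diff and is worth confirming, or mentioning in the patch header.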